Classical Fully Homomorphic Encryption for Quantum Circuits: Difference between revisions

***'''Encrypted CNOT operation:''' <math>\sum_{a,b\in\{0,1\}}\alpha_{ab}CNOT_{a,b}^s|a\rangle|b\rangle</math></br><math>=\alpha_{ab}|a\rangle|b\oplus a\cdot s\rangle</math></br><math>=\alpha_{ab}|a\rangle|b\oplus a\cdot(\mu_0+\mu_1)\rangle</math></br><math>=\alpha_{0b}|0\rangle|b\oplus 0\rangle+\alpha_{1b}|1\rangle|b\oplus \mu_0+\mu_1\rangle</math></br><math>=\alpha_{0b}|0\rangle|b\oplus \mu_0+\mu_1\rangle+\alpha_{1b}|1\rangle|b\oplus \mu_0+\mu_1\rangle</math>,  <math>\because q\oplus q=0</math></br><math>=\alpha_{0b}|0\rangle X^{\mu_0}|b\oplus \mu_0\rangle+\alpha_{1b}|1\rangle X^{\mu_0}|b\oplus \mu_1\rangle</math>, <math>\because |q\oplus y\rangle=X^y|q\rangle</math></br><math>=\sum_{a,b\in\{0,1\}}\alpha_{ab}|a\rangle X^{\mu_0}|b\oplus \mu_a\rangle</math></br><math>=\sum_{a,b\in\{0,1\}}\alpha_{ab}(I\otimes X^{\mu_0})|a\rangle |b\oplus \mu_a\rangle</math></br> Thus, Server's superposition state could be written as:</br><math>\sum_{a,b,\mu\in\{0,1\},r}\alpha_{ab}\sqrt{D(\mu_0,r_0)}(I\otimes X^{\mu_0})CNOT_{ab}^s|a\rangle |b\oplus \mu_a\rangle\otimes|\mu_a,r_a\rangle|y\rangle</math>

####Server measures the second register to get d. The resulting superposition is:</br><math>=\sum_{a,b,\mu\in\{0,1\},r}\alpha_{ab}\sqrt{D(\mu_0,r_0)}(I\otimes X^{\mu_0})CNOT_{ab}^s|a\rangle |b\oplus \mu_a\rangle\otimes(-1)^{d\cdot((\mu_0,r_0)\oplus (\mu_1,r_1))}|d\rangle</math></br>=<math>(Z^{d\cdot ((\mu_0,r_0)\oplus (\mu_1,r_1))}\otimes X^{\mu_0})\mathrm{CNOT}_{1,2}^s|\psi\rangle</math> </br>where <math>(\mu_0,r_0)=(\mu_1,r_1)\oplus_H s</math>, as <math>\oplus_H</math> is the homomorphic XOR operation.

####The server uses <math>pk_{i+1}</math> to compute HE.Enc<math>_{pk_{i+1}}(c_{x,z,pk_i})</math> and <math>\mathrm{HE.Enc}_{pk_{i+1}}(\hat{c},y,d)</math>.